tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wolle <wo...@dorf.RWTH-Aachen.DE>
Subject Re: TC 3.2.2b4 URI Rewriting with mod_ssl
Date Thu, 03 May 2001 14:46:34 GMT
Hello,
yes, sorry Henri I will discribe it now,
I have wrote some Servlet , which uses the resopnse.encodeURL and
response.EncodeRedirectURL.
They will work fine without ssl, when you disable Cookie, the sessionID
attached to the URL. When you use the same Servlet and the same enviroment
over mod_ssl,
Session Tracking will not be possible.
That is a known Bug ,see
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=578
Marc has said, that he has fixed in the current release TC3.2.2b4, but it
won't work.
What should I describe now ? The workaround was
1. install the jnet.jar and jsse.jar in the ROMCAT/lib dir.
2.set the TOMCAT_OPTS
=-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol
3. Modify the HttpServletResponseFacade.java:
retrieving revision 1.6.2.3
diff -u -r1.6.2.3 HttpServletResponseFacade.java
--- src/share/org/apache/tomcat/facade/HttpServletResponseFacade.java
2001/03/06 17:38:13     1.6.2.3
+++ src/share/org/apache/tomcat/facade/HttpServletResponseFacade.java
2001/03/20 13:29:41
@@ -353,10 +353,14 @@
            return (false);
        if (!request.getServerName().equalsIgnoreCase(url.getHost()))
            return (false);
-        // Set the URL port to HTTP default if not available before
comparing
+        // Set the URL port to protocol default if not available before
comparing
         int urlPort = url.getPort();
         if (urlPort == -1) {
-            urlPort = 80;
+            if("http".equalsIgnoreCase(url.getProtocol())) {
+                urlPort = 80;
+            } else if ("https".equalsIgnoreCase(url.getProtocol())) {
+                urlPort = 443;
+            }
         }
        if (request.getServerPort() != urlPort)
            return (false);
I have made this with TC3.2.2b2 and TC3.2.2b3, and this works.
Then it doesn't matter if you use the ajp12 or ajp13 Protocol
(I have read that this is important to use ajp13)

so please help,
Greetings and thanks for inconvenience,
Wolle

GOMEZ Henri wrote:

> so scould you detail us an example so we could mimic
> to test and fix the problem ?
>
> -
> Henri Gomez                 ___[_]____
> EMAIL : hgomez@slib.fr        (. .)
> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
>
> >-----Original Message-----
> >From: Wolle [mailto:wolle@dorf.RWTH-Aachen.DE]
> >Sent: Thursday, May 03, 2001 10:57 AM
> >To: tomcat-user@jakarta.apache.org
> >Subject: Re: TC 3.2.2b4 URI Rewriting with mod_ssl
> >
> >
> >Thanks,
> >but this should be the old Bug, when you have to make URI
> >Rewriting with
> >mod_ssl,
> >like the bug#578, this should be fiex in the new 3.2.2b4
> >Version, but it
> >isn't.
> >I have checked it with this new Version with the ajp12 and
> >ajp13 Protocol
> >and the new Version of mod_jk (mod_jk-eapi.so and mod_jk-stdapi.so),
> >but no one will work ;-((
> >
> >Greetings and thanks,
> >Wolle
> >
> >GOMEZ Henri wrote:
> >
> >> If you could send an example code, I'll try to fix it
> >>
> >> -
> >> Henri Gomez                 ___[_]____
> >> EMAIL : hgomez@slib.fr        (. .)
> >> PGP KEY : 697ECEDD    ...oOOo..(_)..oOOo...
> >> PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6
> >>
> >> >-----Original Message-----
> >> >From: Wolle [mailto:wolle@dorf.RWTH-Aachen.DE]
> >> >Sent: Thursday, May 03, 2001 12:13 AM
> >> >To: tomcatUser
> >> >Subject: TC 3.2.2b4 URI Rewriting with mod_ssl
> >> >
> >> >
> >> >I have testet the TC3.2.2b4 now with the ajp13 protocol over the new
> >> >mod_jk-eapi.so
> >> >and mod_jk-stdapi.so (release 4/30), and nothing will work with URI
> >> >Rewriting.
> >> >Have I  something more to  do ? set TOMCAT_OPS like below,
> >or to copy
> >> >the
> >> >jsee.jar and jnet.jar in the lib dir ?
> >> >
> >> >Greetings and sorry for the massive questions,
> >> >Michael
> >> >
> >> >Marc Saegesser wrote:
> >> >
> >> >> There were two problems that I knew about and both are
> >described in
> >> >the bug
> >> >> report http://nagoya.apache.org/bugzilla/show_bug.cgi?id=578.  One
> >> >problem
> >> >> is addressed by defining
> >> >>
> >java.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol and
> >> >other
> >> >> problem was that it wouldn't set the default port
> >correctly for https
> >> >URLs.
> >> >>
> >> >> Both of these bugs have been fixed in beta 4.  If your
> >still seeing a
> >> >> problem there must be something else wrong that I haven't
> >seen yet.
> >> >One
> >> >> thing to note, however, is that there is a known issue with
> >> >AJP12 that
> >> >
> >> >> prevents URL rewritting from working correctly on ports other than
> >> >443.  For
> >> >> example, if your using Apache to serve HTTPS on port 8443
> >then Tomcat
> >> >won't
> >> >> know that the connection is secure and will think the URL
> >scheme is
> >> >actually
> >> >> HTTP.  This is a limitation of the AJP protocol and we
> >can't fix it.
> >> >The
> >> >> AJP13 protocol does not have this problem.
> >> >>
> >> >> > -----Original Message-----
> >> >> > From: Wolle [mailto:wolle@dorf.RWTH-Aachen.DE]
> >> >> > Sent: Tuesday, May 01, 2001 2:55 PM
> >> >> > To: tomcat-dev@jakarta.apache.org
> >> >> > Subject: Tomcat 3.2.2 beta 4 & mod_ssl & URI
> >> >> >
> >> >> >
> >> >> > Hello,
> >> >> > i have one question about the session tracking (URI)
> >with mod_ssl.
> >> >> > You have said, that you have fixed it.
> >> >> > But in TC3.2.2b4 it isn't fixed, did you mean you fixed it only
> >> >> > in the final
> >> >> > release ?
> >> >> > I think session tracking and mod_ssl is some important thing,
> >> >> > that should work
> >> >> > together.
> >> >> >
> >> >> > Please worte back,
> >> >> > Michael
> >> >> >
> >> >
> >
> >--
> >__
> >Gruss,
> >Wolle
> >
> >-------------------------------------------------------
> >                      mwollenhaupt@web.de
> >
> >

--
__
Gruss,
Wolle

-------------------------------------------------------
                      mwollenhaupt@web.de



Mime
View raw message